Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Providing public keys for token verification #518

Open
fitzthum opened this issue Sep 30, 2024 · 1 comment
Open

Providing public keys for token verification #518

fitzthum opened this issue Sep 30, 2024 · 1 comment

Comments

@fitzthum
Copy link
Member

Currently it's optional whether the KBS is configured with the public key of the AS. If the public key is not provided, the token is not verified. There is an option for someone to use a secure configuration, but I would be surprised if any users were aware of that.

With the EAR tokens, the EAR crate doesn't provide an option to use a token that hasn't been verified. It requires that the public key is provided. We could propose adding a non-secure feature to the crate, but I think it's better to start requiring that the public key is always set.

That said, we don't want to increase the burden on the end user. How can we have a configuration that is secure by default without making setup more complicated? One way would be to add some kind of init container to create these keys. Another option is to add an interface to the AS that allows it to report it public key. Then if the public key is not explicitly set in the KBS config, the KBS could ask the AS for it. In the built-in case this is secure. In the external case this would only be secure if the network where the KBS and AS communicate is trusted (which it often is).

Any other ideas?

@Xynnn007
Copy link
Member

Xynnn007 commented Oct 8, 2024

I prefer to add this logic to a script that generates the key pair and runs separately from the deployment of trustee. For example of docker compose case, we have an auth key pair generation commands before docker compose up -d. We could extend that and include all contents in one script. Same works with k8s deployments I think.

For advanced users, we could provide a guide to use their own key pairs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants